[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.16' (ECDSA) to the list of known hosts.
2020/12/16 17:46:14 parsed 1 programs
2020/12/16 17:46:15 executed programs: 0
syzkaller login: [ 546.552863] IPVS: ftp: loaded support on port[0] = 21
[ 546.658537] chnl_net:caif_netlink_parms(): no params data found
[ 546.756312] bridge0: port 1(bridge_slave_0) entered blocking state
[ 546.762890] bridge0: port 1(bridge_slave_0) entered disabled state
[ 546.770695] device bridge_slave_0 entered promiscuous mode
[ 546.778224] bridge0: port 2(bridge_slave_1) entered blocking state
[ 546.784579] bridge0: port 2(bridge_slave_1) entered disabled state
[ 546.792626] device bridge_slave_1 entered promiscuous mode
[ 546.810779] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 546.819469] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 546.837641] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 546.845475] team0: Port device team_slave_0 added
[ 546.850844] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 546.858905] team0: Port device team_slave_1 added
[ 546.874282] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 546.880666] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 546.905951] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 546.917365] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 546.923587] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 546.949430] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 546.960106] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 546.967678] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 546.986702] device hsr_slave_0 entered promiscuous mode
[ 546.992967] device hsr_slave_1 entered promiscuous mode
[ 546.999228] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 547.006410] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 547.070592] bridge0: port 2(bridge_slave_1) entered blocking state
[ 547.077220] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 547.083908] bridge0: port 1(bridge_slave_0) entered blocking state
[ 547.090299] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 547.119187] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 547.126883] 8021q: adding VLAN 0 to HW filter on device bond0
[ 547.134503] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 547.143940] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 547.154056] bridge0: port 1(bridge_slave_0) entered disabled state
[ 547.161268] bridge0: port 2(bridge_slave_1) entered disabled state
[ 547.168586] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 547.179056] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 547.185361] 8021q: adding VLAN 0 to HW filter on device team0
[ 547.193978] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 547.201879] bridge0: port 1(bridge_slave_0) entered blocking state
[ 547.208273] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 547.218288] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 547.226238] bridge0: port 2(bridge_slave_1) entered blocking state
[ 547.232558] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 547.251852] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 547.261933] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 547.273270] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 547.280916] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 547.288831] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 547.296862] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 547.304326] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 547.312190] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 547.319113] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 547.330170] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 547.338466] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 547.345617] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 547.355805] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 547.368309] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 547.378513] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 547.412072] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 547.419737] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 547.427152] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 547.436756] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 547.444233] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 547.451913] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 547.460902] device veth0_vlan entered promiscuous mode
[ 547.469452] device veth1_vlan entered promiscuous mode
[ 547.475624] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[ 547.483923] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[ 547.496501] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 547.505671] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 547.512867] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 547.520650] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 547.530502] device veth0_macvtap entered promiscuous mode
[ 547.536999] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[ 547.544774] device veth1_macvtap entered promiscuous mode
[ 547.553489] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 547.562992] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 547.572742] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 547.579980] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 547.588344] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 547.598233] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 547.605413] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 547.710189] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 547.718091] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 547.730925] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 547.741138] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 547.753203] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[ 547.760200] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 547.767461] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 547.774139] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 548.595829] Bluetooth: hci0: command 0x0409 tx timeout
[ 550.674694] Bluetooth: hci0: command 0x041b tx timeout
2020/12/16 17:46:20 executed programs: 4
[ 552.754426] Bluetooth: hci0: command 0x040f tx timeout
[ 554.834112] Bluetooth: hci0: command 0x0419 tx timeout
2020/12/16 17:46:26 executed programs: 10
2020/12/16 17:46:31 executed programs: 16
2020/12/16 17:46:36 executed programs: 22
2020/12/16 17:46:41 executed programs: 28
2020/12/16 17:46:46 executed programs: 34
2020/12/16 17:46:51 executed programs: 40
2020/12/16 17:46:56 executed programs: 46
[ 673.625058] Bluetooth: hci0: command 0x0406 tx timeout
[ 749.620563] INFO: task syz-executor.0:8734 blocked for more than 140 seconds.
[ 749.627943] Not tainted 4.19.163-syzkaller #0
[ 749.633002] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 749.641120] syz-executor.0 D27992 8734 8137 0x00000004
[ 749.646755] Call Trace:
[ 749.649330] __schedule+0x887/0x2040
[ 749.653085] ? io_schedule_timeout+0x140/0x140
[ 749.657669] ? mark_held_locks+0xf0/0xf0
[ 749.661799] schedule+0x8d/0x1b0
[ 749.665162] schedule_timeout+0x92d/0xfe0
[ 749.669335] ? usleep_range+0x170/0x170
[ 749.673351] ? try_to_wake_up+0x733/0x1050
[ 749.677661] ? wait_for_common+0x294/0x470
[ 749.681963] ? lock_downgrade+0x720/0x720
[ 749.686106] ? lock_acquire+0x170/0x3c0
[ 749.690060] ? wait_for_common+0x9e/0x470
[ 749.694242] ? _raw_spin_unlock_irq+0x24/0x80
[ 749.698757] wait_for_common+0x29c/0x470
[ 749.702884] ? __flush_work+0x37e/0x8b0
[ 749.706873] ? bit_wait_io_timeout+0x100/0x100
[ 749.711493] ? wake_up_q+0xe0/0xe0
[ 749.715031] ? _raw_spin_unlock_irq+0x24/0x80
[ 749.719539] __flush_work+0x4bb/0x8b0
[ 749.723388] ? alloc_unbound_pwq+0xc10/0xc10
[ 749.727810] ? flush_workqueue_prep_pwqs+0x570/0x570
[ 749.732966] ? _raw_spin_unlock_irq+0x5a/0x80
[ 749.737467] ? __flush_work+0x4cf/0x8b0
[ 749.741715] ? trace_hardirqs_off+0x64/0x200
[ 749.746125] ? __cancel_work_timer+0x3ba/0x590
[ 749.750909] __cancel_work_timer+0x412/0x590
[ 749.755317] ? try_to_grab_pending+0x6f0/0x6f0
[ 749.759883] ? lock_downgrade+0x720/0x720
[ 749.764103] ? lock_acquire+0x170/0x3c0
[ 749.768074] ? p9_fd_close+0x172/0x520
[ 749.771999] ? _raw_spin_unlock_irqrestore+0x79/0xe0
[ 749.777102] p9_fd_close+0x305/0x520
[ 749.780883] p9_client_create+0x901/0x12e0
[ 749.785117] ? setup_fault_attr+0x200/0x200
[ 749.789420] ? p9_client_flush+0x490/0x490
[ 749.793700] ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 749.798710] ? __lockdep_init_map+0x100/0x5a0
[ 749.803247] ? __raw_spin_lock_init+0x28/0x100
[ 749.807827] v9fs_session_init+0x1dd/0x1770
[ 749.812193] ? gfp_pfmemalloc_allowed+0x150/0x150
[ 749.817032] ? v9fs_show_options+0x760/0x760
[ 749.821485] ? setup_fault_attr+0x200/0x200
[ 749.825800] ? lock_acquire+0x170/0x3c0
[ 749.829752] ? check_preemption_disabled+0x41/0x280
[ 749.834820] ? v9fs_mount+0x54/0x910
[ 749.838532] ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 749.843822] ? kmem_cache_alloc_trace+0x323/0x380
[ 749.848670] v9fs_mount+0x73/0x910
[ 749.852252] ? alloc_pages_current+0x19b/0x2a0
[ 749.856831] ? __lockdep_init_map+0x100/0x5a0
[ 749.861377] mount_fs+0xa3/0x30c
[ 749.864753] vfs_kern_mount.part.0+0x68/0x470
[ 749.869241] do_mount+0x113c/0x2f10
[ 749.872911] ? do_raw_spin_unlock+0x171/0x230
[ 749.877402] ? check_preemption_disabled+0x41/0x280
[ 749.882470] ? copy_mount_string+0x40/0x40
[ 749.886699] ? copy_mount_options+0x59/0x380
[ 749.891155] ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 749.896184] ? kmem_cache_alloc_trace+0x323/0x380
[ 749.901076] ? copy_mount_options+0x26f/0x380
[ 749.905567] ksys_mount+0xcf/0x130
[ 749.909101] __x64_sys_mount+0xba/0x150
[ 749.913112] ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 749.917691] do_syscall_64+0xf9/0x620
[ 749.921544] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 749.926737] RIP: 0033:0x45e149
[ 749.929910] Code: 8d 15 4b da 21 01 48 8b 1c ca 83 3d 70 73 24 01 00 75 27 48 89 58 28 48 8b 44 24 20 48 89 04 ca 48 8d 05 22 da 21 01 48 89 04 <24> e8 91 c4 fa ff 48 8b 6c 24 28 48 83 c4 30 c3 48 8d 78 28 48 89
[ 749.949079] RSP: 002b:00007f15cac7ac68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 749.956840] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045e149
[ 749.964269] RDX: 0000000020000240 RSI: 0000000020000200 RDI: 0000000000000000
[ 749.971585] RBP: 000000000119c1c8 R08: 0000000020000580 R09: 0000000000000000
[ 749.978845] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000119c184
[ 749.986164] R13: 00007ffc3790f57f R14: 00007f15cac7b9c0 R15: 000000000119c184
[ 749.993502]
[ 749.993502] Showing all locks held in the system:
[ 749.999817] 1 lock held by khungtaskd/1567:
[ 750.008259] #0: 000000001d2bbbcc (rcu_read_lock){....}, at: debug_show_all_locks+0x53/0x265
[ 750.016958] 2 locks held by kworker/1:3/4712:
[ 750.021915] #0: 0000000058fc6d81 ((wq_completion)"events"){+.+.}, at: process_one_work+0x767/0x1570
[ 750.031261] #1: 0000000027fd2b49 ((work_completion)(&m->wq)){+.+.}, at: process_one_work+0x79c/0x1570
[ 750.040791] 1 lock held by in:imklog/7794:
[ 750.045011] #0: 0000000099f141cd (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x26f/0x310
[ 750.053244]
[ 750.054877] =============================================
[ 750.054877]
[ 750.061927] NMI backtrace for cpu 0
[ 750.065547] CPU: 0 PID: 1567 Comm: khungtaskd Not tainted 4.19.163-syzkaller #0
[ 750.072971] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 750.082332] Call Trace:
[ 750.084902] dump_stack+0x1fc/0x2fe
[ 750.088508] nmi_cpu_backtrace.cold+0x63/0xa2
[ 750.092985] ? lapic_can_unplug_cpu.cold+0x39/0x39
[ 750.097901] nmi_trigger_cpumask_backtrace+0x1a6/0x1eb
[ 750.103158] watchdog+0x991/0xe60
[ 750.106592] ? reset_hung_task_detector+0x30/0x30
[ 750.111425] kthread+0x33f/0x460
[ 750.114771] ? kthread_park+0x180/0x180
[ 750.118723] ret_from_fork+0x24/0x30
[ 750.122512] Sending NMI from CPU 0 to CPUs 1:
[ 750.127520] NMI backtrace for cpu 1
[ 750.127526] CPU: 1 PID: 4690 Comm: systemd-journal Not tainted 4.19.163-syzkaller #0
[ 750.127531] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 750.127535] RIP: 0010:__sanitizer_cov_trace_pc+0x4/0x50
[ 750.127544] Code: 00 6e 88 4c 89 25 cc 39 bf 0b 41 bc f4 ff ff ff e8 a0 f9 ea ff 48 c7 05 b6 39 bf 0b 00 00 00 00 e9 39 ec ff ff 90 48 8b 34 24 <65> 48 8b 04 25 80 df 01 00 65 8b 15 ec 0e 9d 7e 81 e2 00 01 1f 00
[ 750.127548] RSP: 0018:ffff8880a0d8fc40 EFLAGS: 00000046
[ 750.127554] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff816a0737
[ 750.127559] RDX: 0000000000000000 RSI: ffffffff816a0740 RDI: 0000000000000005
[ 750.127563] RBP: ffff88813be83e40 R08: 0000000000000000 R09: 0000000000000000
[ 750.127567] R10: 0000000000000005 R11: 0000000000000000 R12: 0000000000000286
[ 750.127572] R13: ffff88813be83e40 R14: ffff88809fb00380 R15: ffff8880a0d8fd50
[ 750.127577] FS: 00007f16b7df28c0(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000
[ 750.127580] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 750.127585] CR2: 00007f16b51d6008 CR3: 00000000a0dbb000 CR4: 00000000001406e0
[ 750.127589] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 750.127593] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 750.127596] Call Trace:
[ 750.127599] trace_hardirqs_off+0x50/0x200
[ 750.127602] kmem_cache_free+0x56/0x260
[ 750.127605] putname+0xe1/0x120
[ 750.127608] filename_lookup+0x3d0/0x5a0
[ 750.127611] ? filename_parentat+0x590/0x590
[ 750.127614] ? __phys_addr_symbol+0x2c/0x70
[ 750.127617] ? __check_object_size+0x17b/0x3d1
[ 750.127620] ? getname_flags+0x25b/0x590
[ 750.127623] do_faccessat+0x248/0x7a0
[ 750.127626] ? __ia32_sys_fallocate+0x140/0x140
[ 750.127630] ? trace_hardirqs_off_caller+0x6e/0x210
[ 750.127633] ? do_syscall_64+0x21/0x620
[ 750.127636] do_syscall_64+0xf9/0x620
[ 750.127639] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 750.127642] RIP: 0033:0x7f16b70ae9c7
[ 750.127651] Code: 83 c4 08 48 3d 01 f0 ff ff 73 01 c3 48 8b 0d c8 d4 2b 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 b8 15 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d a1 d4 2b 00 f7 d8 64 89 01 48
[ 750.127655] RSP: 002b:00007fff09079298 EFLAGS: 00000246 ORIG_RAX: 0000000000000015
[ 750.127662] RAX: ffffffffffffffda RBX: 00007fff0907c2c0 RCX: 00007f16b70ae9c7
[ 750.127666] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000055590ecfd9a3
[ 750.127671] RBP: 00007fff090793e0 R08: 000055590ecf33e5 R09: 0000000000000018
[ 750.127675] R10: 0000000000000069 R11: 0000000000000246 R12: 0000000000000000
[ 750.127680] R13: 0000000000000000 R14: 000055590fa128a0 R15: 00007fff090798d0
[ 750.128013] Kernel panic - not syncing: hung_task: blocked tasks
[ 750.384215] CPU: 0 PID: 1567 Comm: khungtaskd Not tainted 4.19.163-syzkaller #0
[ 750.391659] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 750.401005] Call Trace:
[ 750.403579] dump_stack+0x1fc/0x2fe
[ 750.407189] panic+0x26a/0x50e
[ 750.410391] ? __warn_printk+0xf3/0xf3
[ 750.414254] ? _raw_spin_unlock_irqrestore+0x79/0xe0
[ 750.419333] ? cpumask_next+0x3c/0x40
[ 750.423115] ? printk_safe_flush+0xd6/0x120
[ 750.427431] ? watchdog+0x991/0xe60
[ 750.431038] ? nmi_trigger_cpumask_backtrace+0x15e/0x1eb
[ 750.436468] watchdog+0x9a2/0xe60
[ 750.439904] ? reset_hung_task_detector+0x30/0x30
[ 750.444728] kthread+0x33f/0x460
[ 750.448095] ? kthread_park+0x180/0x180
[ 750.452049] ret_from_fork+0x24/0x30
[ 750.456590] Kernel Offset: disabled
[ 750.460207] Rebooting in 86400 seconds..